European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
securityweek
The European Commission (EC) has confirmed that hackers stole over 300GB of data from its AWS environment using an API key compromised in the Trivy supply chain attack.
The incident occurred on March 24 and was initially disclosed on March 27, when the EC warned that cloud infrastructure hosting its resources for the Europa.eu platform had been breached.
Now, CERT-EU reveals that the hack involved an AWS cloud account that is part of the backend for the Europa.eu hosting service, which supports public websites for the EC and other European Union entities.
Hackers gained access to the AWS account using an API key compromised on March 19 in the supply chain attack on Aqua Security’s Trivy vulnerability scanner, carried out by the TeamPCP hacking group.
“The European Commission was unwittingly using a compromised version of Trivy during the relevant timeframe, having received it through normal software update ...

